Create a detection profile

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 3분

    • Determine the CrowdStrike Next-Gen SIEM detections that are suitable for creating security incidents by creating a detection profile in your ServiceNow AI Platform instance.

    시작하기 전에

    Role required: sn_si.ingestion_profile_admin

    주:
    Users with the sn_si.admin role can perform all operations available to a profile admin because the sn_si.admin role inherits the required permissions by default.

    프로시저

    1. Navigate to All > CrowdStrike Next-Gen SIEM > Detection Profile.
    2. Select New.
    3. On the form, fill in the fields.
      표 1. CrowdStrike Next-Gen SIEM - Detection Ingestion Configuration form
      Field Description
      Name

      Name of the profile.

      This name is also the default name for the security tag associated with this profile.
      Active

      Option for making the profile active.

      When a profile is active, the ServiceNow AI Platform actively polls CrowdStrike Next-Gen SIEM detections and corresponding security detections are created in Security Incident Response when the filtering conditions are matched.
      Source CrowdStrike tenant that you configured to ingest detections. If you have multiple tenants configured, select the appropriate tenant for the detection types you are planning to ingest for the profile.
      Order Priority in which the profiles are executed when two or more profiles share triggering conditions. Priority values are usually provided as 100 (the default value), 200, 300, and so on.

      The profile with the lowest number has the highest priority.
      Description Optional description of the profile.
    4. Select Update .

      The initial detection profile is created with basic information. Saving the profile at this point enables you to continue with defining the profile in case you are interrupted.

    5. 옵션: Continue with the profile definition process immediately.
      1. On the CrowdStrike-Nextgen Detection Profiles page, select the profile you just created.
      2. In the progress bar, select Correlation Rules.

    다음에 수행할 작업

    Set correlation rules